Planning Access Rights to NIS+ Tables

NIS+ objects other than NIS+ tables are primarily structural. NIS+ tables,
however, are a different kind of object: they are informational. Access to
NIS+ tables is required by all NIS+ principals and applications running on
behalf of those principals. Therefore, their access requirements are somewhat
different.

Table 3-2 lists the default access rights assigned
to NIS+ tables. If any columns provide rights in addition to those of the
table, they are also listed. You can change these rights at the table and
entry level with the nischmod command, and at the column
level with the nistbladm -u command. "Protecting the Encrypted Passwd Field"
provides just one example of how to change table rights to accommodate different
needs.

Table 3-2 Default Access Rights for NIS+ Tables and Columns

Table/Column            Nobody  Owner  Group  World

hosts table             r---    rmcd   rmcd   r---
bootparams table        r---    rmcd   rmcd   r---
passwd table            ----    rmcd   rmcd   r---
  name column           r---    ----   ----   ----
  passwd column         ----    -m--   ----   ----
  uid column            r---    ----   ----   ----
  gid column            r---    ----   ----   ----
  gcos column           r---    -m--   ----   ----
  home column           r---    ----   ----   ----
  shell column          r---    ----   ----   ----
  shadow column         ----    ----   ----   ----
group table             ----    rmcd   rmcd   r---
  name column           r---    ----   ----   ----
  passwd column         ----    -m--   ----   ----
  gid column            r---    ----   ----   ----
  members column        r---    -m--   ----   ----
cred table              r---    rmcd   rmcd   r---
  cname column          ----    ----   ----   ----
  auth_type column      ----    ----   ----   ----
  auth_name column      ----    ----   ----   ----
  public_data column    ----    -m--   ----   ----
  private_data column   ----    -m--   ----   ----
networks table          r---    rmcd   rmcd   r---
netmasks table          r---    rmcd   rmcd   r---
ethers table            r---    rmcd   rmcd   r---
services table          r---    rmcd   rmcd   r---
protocols table         r---    rmcd   rmcd   r---
rpc table               r---    rmcd   rmcd   r---
auto_home table         r---    rmcd   rmcd   r---
auto_master table               rmcd   rmcd   r---
Note - NIS-compatible domains give the nobody class read rights to the passwd table at the table level.
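
The following is an added example, not part of the original guide. It merges the passwd rows of Table 3-2 to show which classes can read each column by default and after the NIS-compatibility change in the Note. It assumes column rights only add to table rights and ignores entry-level rights; all function names are hypothetical.

```python
CLASSES = ("nobody", "owner", "group", "world")
FLAGS = "rmcd"  # read, modify, create, destroy

def parse_rights(text):
    """Parse one class's rights string, e.g. 'r---' or '-m--'."""
    if len(text) != len(FLAGS):
        raise ValueError(f"expected 4 characters, got {text!r}")
    granted = set()
    for flag, ch in zip(FLAGS, text):
        if ch == flag:
            granted.add(flag)
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} in {text!r}")
    return frozenset(granted)

def row(nobody, owner, group, world):
    """Build a per-class rights mapping from one row of Table 3-2."""
    return dict(zip(CLASSES, map(parse_rights, (nobody, owner, group, world))))

# Defaults for the passwd table and its columns, copied from Table 3-2.
PASSWD_TABLE = row("----", "rmcd", "rmcd", "r---")
PASSWD_COLUMNS = {
    "name":   row("r---", "----", "----", "----"),
    "passwd": row("----", "-m--", "----", "----"),
    "uid":    row("r---", "----", "----", "----"),
    "gid":    row("r---", "----", "----", "----"),
    "gcos":   row("r---", "-m--", "----", "----"),
    "home":   row("r---", "----", "----", "----"),
    "shell":  row("r---", "----", "----", "----"),
    "shadow": row("----", "----", "----", "----"),
}

def effective(table, column):
    """Assumption: a column can add rights to the table's, never remove them."""
    return {c: table[c] | column[c] for c in CLASSES}

def readers(table, columns, name):
    """Classes that can read column `name` once table rights are merged in."""
    merged = effective(table, columns[name])
    return [c for c in CLASSES if "r" in merged[c]]

def nis_compat(table):
    """Apply the Note: nobody gets read on the passwd table at table level."""
    return {**table, "nobody": table["nobody"] | {"r"}}

if __name__ == "__main__":
    for col in PASSWD_COLUMNS:
        print(f"{col:7} default={readers(PASSWD_TABLE, PASSWD_COLUMNS, col)} "
              f"nis-compat={readers(nis_compat(PASSWD_TABLE), PASSWD_COLUMNS, col)}")
```

Under this model the default World read right at the table level already makes the passwd and shadow columns readable, and the NIS-compatible setting extends that to the nobody class.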